CVE-2009-2286

Published: 01/07/2009 Updated: 02/09/2009
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.

Vulnerable Product

james ashton compface 1.4

james ashton compface 1.5

james ashton compface 1.5.1

james ashton compface

Vendor Advisories

Debian Bug report logs - #534973
compface: bufer overflow in xbm-file
Package: compface; Maintainer for compface is Hakan Ardo <hakan@debian.org>; Source for compface is src:libcompface (PTS, buildd, popcon)
Reported by: metalhoney@hushmail.com
Date: Sun, 28 Jun 2009 17:12:01 UTC
Severity: grave
Tags: security
Found in v ...

Exploits

#!/usr/bin/perl # compface <= 1.5.2 bufer overflow p o c # vuln only excist on debian and ubuntu? - packages.debian.org/compf ...
#!/usr/bin/python #[*] Exploit : Compface 'xbm' Local Buffer Overflow Exploit #[*] Affected : compface 115 #[*] Tested on : Ubuntu 9.04 (without stack randomization) #[*] Refer : bid/35863 #[*] Exploit : His0k4 #[*] Use : $compface exploit.xbm out #setuid/execve shellcode for Linux/x86 by Marco Ivaldi #[*] x86/alpha_m ...